We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

UK court casts doubt on use of IP addresses to identify individuals

A court in the United Kingdom has cast doubt on whether IP addresses can be used to identify infringement of copyright by a specific individual. In this post, we ask whether this case impacts the generally accepted view in Europe that IP addresses should be treated as personal data under applicable data privacy laws.

The case of Media CAT Limited v Adams & Ors [2011] EWPCC 6 involved allegations that a number of defendants had infringed copyright in pornographic films through the use of peer-to-peer (P2P) software. In order to prove these allegations the claimant had monitored the unauthorised exploitation of the copyright work on the P2P network and compiled a list of IP addresses linked to the unauthorised exploitation of the work. Accordingly, one of the issues to be determined at trial was whether it is possible to use IP addresses on their own to establish that a specific individual had committed copyright infringement.

Before the court could determine this issue, Media CAT issued notices of discontinuance in respect of the original proceedings with the intention of reissuing new claims. Media CAT is now reported to have ceased trading and be insolvent and while we are therefore unlikely to receive a definitive answer to this question as part of this particular action, in his judgment of 8 February 2011, HH Judge Birrs QC saw fit to question whether IP addresses could be used to establish copyright infringement:

“91. First, the nature of the case itself raises many questions. I have mentioned some of them above. The issues are as follows:-

1. Does the process of identifying an IP address in this way establish that any infringement of copyright has taken place by anyone related to that IP address at all.

2. Even if it is proof of infringement by somebody, merely identifying that an IP address has been involved with infringement then encounters the Saccharin problem. It is not at all clear to me that the person identified must be infringing one way or another. The fact that someone may have infringed does not mean the particular named defendant has done so. Perhaps the holder of the account with the ISP has a duty to assist along the lines of a respondent to another Norwich Pharmacal order but that is very different from saying they are infringing."

What does this mean for data privacy? The case did not conclusively determine that IP addresses cannot be used to identify individuals for the purpose of establishing copyright infringement. It is merely a question of evidence. An IP address alone cannot conclusively connect the individual accessing the internet and committing an infringing act with the individual that holds the account with an ISP connected to that IP address. To convict some-one of crime in the UK (among other places) you need to establish beyond all reasonable doubt that they (not any-one else) are guilty. Conversely, in order to protect privacy the law needs to take a more conservative approach and if something can be used to identify an individual (even if it does not do so in call cases) then that data should attract the requisite protection.

Whilst no organisation that processes IP addresses and related data should treat Media CAT as authority to ignore the data privacy laws; it does beg the question of whether as technology advances and we carry portable devices with us everywhere linking to any available wifi network whether an IP address alone (when not coupled with information collected by cookies or other unique identified that can distinguish between users) will ever really track the activity of a single individual in a way that it should attract the protection of data privacy rules.

This article is made available by Latham & Watkins for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. Your receipt of this communication alone creates no attorney client relationship between you and Latham & Watkins. Any content of this article should not be used as a substitute for competent legal advice from a licensed professional attorney in your jurisdiction.

Compare jurisdictions:Data Security & Cybercrime

"I have enjoyed receiving the Lexology newsfeeds over the last few months and in general find the articles of good quality and relevant. I like the fact that the email contains a short indication of the subject matter of the articles, which allows me to skim the newsfeed very quickly and decide which articles to read in more detail."